Re: SMTSVC ?
From: Leon Mayne [MVP] (l.rmvmayne_at_uea.ac.uk)
Date: 03/28/05
- Next message: David Wang [Msft]: "Re: AD user name changed, IIS still sees old user name"
- Previous message: Leon Mayne [MVP]: "Re: IIS6 to block someone from sharing files"
- In reply to: razornt: "SMTSVC ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 28 Mar 2005 22:05:42 +0100
razornt wrote:
> Someone is trying to hack our server via SMTPSVC. When I view the
> event log (system) I see Event ID 100 SMTPSVC and a login attempt.
> However, when I try to match the Event log time with the SMTPSVC log
> time nothing matches. I want to block the IP Address of this
> potential intruder. How do I find the IP Address of this potential
> intruder?
As long as your permissions are set up OK you don't really have to worry.
Spammers are usually scanning for open relays and relays with simple
authentication (e.g. username 'user', password 'password') to send spam
through. If they don't succeed quickly they'll just try another server. SMTP
logs on any platform are always full of hack attempts.
- Next message: David Wang [Msft]: "Re: AD user name changed, IIS still sees old user name"
- Previous message: Leon Mayne [MVP]: "Re: IIS6 to block someone from sharing files"
- In reply to: razornt: "SMTSVC ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
